/**
 * hnjz.com Inc.
 * Copyright (c) 2004-2013 All Rights Reserved.
 */
package com.hnjz.common.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.hnjz.common.security.AppCtxStrategy;
import com.hnjz.common.security.CtxUtil;
import com.hnjz.common.security.SecurityData;
import com.hnjz.sys.user.User;

/**
 * <li>手机端，将已经登录的用户放入到ctxutil中
 * <li>去除请求参数中的空格
 * 
 * @author wumi
 * @version $Id: MoHandlerInterceptor.java, v 0.1 Apr 22, 2013 10:52:00 AM wumi Exp $
 */
public class MoHandlerInterceptor implements HandlerInterceptor {

    /**日志*/
    private static final Log log = LogFactory.getLog(MoHandlerInterceptor.class);


    private SecurityData     securityData;

    /** 
     * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
     */
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object arg2)
                                                                                          throws Exception {
   
        String url = req.getRequestURI();
        
        //服务端的请求，需要将权限数据放入到AppCtxStrategy中
        if (!StringUtils.endsWith(url, ".mo")) {
            Object obj = CtxUtil.getPrincipal();
            if (null == obj) {
                return true;
            }
            String key = arg2.toString();

            String fid = req.getParameter("fid");
            req.setAttribute("fid", fid);
            if (log.isDebugEnabled()) {
                log.debug("url:" + url);
                log.debug("@Controller:" + arg2.toString());
            }
            if (StringUtils.isBlank(fid)) {
                fid = securityData.getFunctionId(key);
            } else {
                securityData.add(key, fid);
            }
            if (obj instanceof User) {
                User cur = (User) obj;
                AppCtxStrategy.setContext(securityData.getOper(cur.getRole(), fid));
            }
            return true;
        }
        //手机端的登录和更新客户端，不校验用户登录
        if (StringUtils.endsWith(url, "login.mo") || StringUtils.contains(url, "client")) {
            return true;
        }

        return true;
    }

    /** 
     * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
     */
    @Override
    public void afterCompletion(HttpServletRequest req, HttpServletResponse arg1, Object arg2,
                                Exception arg3) throws Exception {
        //手机端的请求需要清楚验证信息
        String url = req.getRequestURI();
        if (StringUtils.endsWith(url, ".mo")) {
            SecurityContextHolder.clearContext();
        }
        AppCtxStrategy.clearContext();
    }

    /** 
     * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
     */
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2,
                           ModelAndView arg3) throws Exception {
    }

    public void setSecurityData(SecurityData securityData) {
        this.securityData = securityData;
    }
   

}
